Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Silver

Import/Exporting iVRF routes in IPsec iVRF/FVRF environment

Hi,

I am currently terminating a number of IPsec VPNs into customers' 'inside' VRFs (iVRFs) with the 'classic' crypto-map applied in a separate Front-Door VRF (FVRF) on an ASR1k. I now want to export a VPN route from one iVRF into another VRF using MP-BGP. This works as expected in as far as the VPN prefix makes it into the BGP table, but not into the RIB - it would appear that this may be by design and a route with a next-hop in the FVRF (i.e. the VPN RRI route) cannot be exported from the VRF and imported into another VRF. Is there any workaround for this; the only one solution which looks like it might work is to import/export these routes using another VRF and back-to-back VASI interfaces, using ordinary BGP to leak routes. Another possible solution is also to use sVTIs instead of classic crypto (thus avoiding the RRI route), but this doesn't address the need to support classic crypto.

Cheers,

Matt

1 REPLY
New Member

Re: Import/Exporting iVRF routes in IPsec iVRF/FVRF environment

Sorry to resurrect this, but I am having this exact problem, and wondering if you ever found a solution to this? I have managed to achieve connectivity over a GRE Tunnel, but standard IPSEC vpn still puzzles me.
1015
Views
0
Helpful
1
Replies
CreatePlease to create content